Skip to content

Added new presentation and CSAF webview tool #61

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

Added new presentation and CSAF webview tool #61

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 19 additions & 0 deletions assets/mobirise/css/mbr-additional.css
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,9 @@
@import url(https://fonts.googleapis.com/css?family=Darker+Grotesque:300,400,500,600,700,800,900&display=swap);





body {
font-family: 'Darker Grotesque', sans-serif;
}
Expand Down Expand Up @@ -2562,6 +2568,19 @@ a {
min-height: 105px;
}
}
.cid-ulAjl6PeDM {
background: #000000;
padding-top: 30px;
padding-bottom: 60px;
}
.cid-ulAjl6PeDM .video-block {
margin: auto;
}
@media (max-width: 768px) {
.cid-ulAjl6PeDM .video-block {
width: 100% !important;
}
}
.cid-tpb2uVJW9M {
background: #000000;
padding-top: 30px;
Expand Down
40 changes: 20 additions & 20 deletions assets/theme/js/script.js
View file
Open in desktop

Large diffs are not rendered by default.

154 changes: 153 additions & 1 deletion faq.html
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,153 @@
<meta http-equiv="refresh" content="0; URL=https://github.com/oasis-tcs/csaf/blob/master/csaf_2.0/guidance/faq.md" />
<!DOCTYPE html>
<html >
<head>

<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">

<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1">
<link rel="shortcut icon" href="assets/images/screen-shot-2022-11-28-at-10.16.00-pm-279x97.png" type="image/x-icon">
<meta name="description" content="CSAF and VEX Frequently Asked Questions">


<title>FAQ</title>
<link rel="stylesheet" href="assets/web/assets/mobirise-icons/mobirise-icons.css">
<link rel="stylesheet" href="assets/web/assets/mobirise-icons-bold/mobirise-icons-bold.css">
<link rel="stylesheet" href="assets/font-awesome/css/font-awesome.css">
<link rel="stylesheet" href="assets/icon54/style.css">
<link rel="stylesheet" href="assets/bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" href="assets/bootstrap/css/bootstrap-grid.min.css">
<link rel="stylesheet" href="assets/bootstrap/css/bootstrap-reboot.min.css">
<link rel="stylesheet" href="assets/dropdown/css/style.css">
<link rel="stylesheet" href="assets/socicon/css/styles.css">
<link rel="stylesheet" href="assets/theme/css/style.css">
<link rel="preload" as="style" href="assets/mobirise/css/mbr-additional.css"><link rel="stylesheet" href="assets/mobirise/css/mbr-additional.css" type="text/css">




</head>
<body>

<section data-bs-version="5.1" class="menu menu1 cid-sRAtISOGzm" once="menu" id="menu1-g">


<nav class="navbar navbar-dropdown navbar-expand-lg">
<div class="container-custom container-fluid">
<div class="navbar-brand">
<span class="navbar-logo">
<a href="index.html">
<img src="assets/images/screen-shot-2022-11-28-at-10.16.00-pm-279x97.png" alt="CSAF" style="height: 5.3rem;">
</a>
</span>

</div>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-bs-toggle="collapse" data-target="#navbarSupportedContent" data-bs-target="#navbarSupportedContent" aria-controls="navbarNavAltMarkup" aria-expanded="false" aria-label="Toggle navigation">
<div class="hamburger">
<span></span>
<span></span>
<span></span>
<span></span>
</div>
</button>
<div class="collapse navbar-collapse" id="navbarSupportedContent">

<div class="navbar-nav-container">
<ul class="navbar-nav nav-dropdown nav-right" data-app-modern-menu="true"><li class="nav-item"><a class="nav-link link text-primary display-7" href="https://docs.oasis-open.org/csaf/csaf/v2.0/os/schemas/" target="_blank"><span class="fa fa-file-code-o mbr-iconfont mbr-iconfont-btn"></span>
Schemas</a></li>
<li class="nav-item"><a class="nav-link link text-primary display-7" href="specification.html" target="_blank"><span class="icon54-v1-document-file mbr-iconfont mbr-iconfont-btn"></span>
Specification</a></li>
<li class="nav-item"><a class="nav-link link text-primary display-7" href="https://github.com/oasis-tcs/csaf" target="_blank"><span class="mbri-github mbr-iconfont mbr-iconfont-btn"></span>
GitHub</a> </li>
<li class="nav-item"><a class="nav-link link text-primary display-7" href="faq.html"><span class="mbrib-question mbr-iconfont mbr-iconfont-btn"></span>FAQ</a>
</li></ul>

</div>


</div>
</div>
</nav>
</section>

<section class="features9 cid-toxCmSo3BF" id="features9-i">







<div class="container-fluid">
<div class="row justify-content-center">
<div class="content-wrap">
<div class="col-12 col-lg-8 col-text">
<div class="text-wrapper">
<p class="mbr-text mbr-fonts-style mb-0 display-2">Frequently Asked Questions
</p>
</div>
</div>
<div class="col-12 col-lg-4 image-wrapper">
<div class="btn-container">

</div>
</div>
</div>
</div>
</div>
</section>

<section class="features2 cid-toxDrh6fJv" id="features2-l">







<div class="container-fluid">
<div class="row justify-content-center">
<div class="col-12 col-md col-text">
<div class="text-wrapper">
<p class="mbr-text mbr-fonts-style mb-0 display-7"><strong>What is the Common Advisory Security Framework (CSAF)?</strong><br>The Common Security Advisory Framework (CSAF) is the definitive reference for the language which supports creation, update, and interoperable exchange of security advisories as structured information on products, vulnerabilities and the status of impact and remediation among interested parties. You can <a href="https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html" class="text-primary" target="_blank">access the CSAF 2.0 standard here</a>.<br><br><strong>What problems are addressed by CSAF? </strong><br>CSAF enable individuals and organizations to successfully disclose and consume security advisories in machine readable format. It also specifies the distribution and discovery of CSAF documents<br><br><strong>Is CSAF a replacement for CVE? </strong><br>No. CSAF is not a replacement for CVE. A CSAF document may include one or many security vulnerabilities that have been assigned a CVE. Not all vulnerabilities are assigned a CVE. CSAF also allows for any organization to be able to disclose or consume security vulnerabilities or responses that do not have an assigned CVE.<br><br><strong>What is VEX and how is it supported in CSAF?</strong><br>The Vulnerability Exploitability eXchange (VEX) allows a software supplier or other parties to assert the status of specific vulnerabilities in a particular product. CSAF supports VEX to allow suppliers and other parties to provide the status of the vulnerabilities that may affect a product. As stated i<a href="https://www.cisa.gov/sites/default/files/publications/VEX_Use_Cases_Aprill2022.pdf" class="text-primary" target="_blank">n CISA's VEX Use Case documentation</a>, VEX is a form of a security advisory, similar to those already issued by mature product security teams today. There are a few important improvements for the VEX model over ‘traditional’ security advisories. First, VEX documents are machine readable, built to support integration into existing and novel security management tools, as well as broader vulnerability tracking platforms. Second, VEX data can support more effective use of <a href="https://www.cisa.gov/sbom" class="text-primary" target="_blank">Software Bills of Materials (SBOM) data</a>. <br><br><strong>Is CSAF the replacement for CVRF?</strong><br>Yes. CSAF is the replacement for the Common Vulnerability Reporting Framework (CVRF). It enhances the capabilities of CVRF including different profiles (e.g., CSAF Base, Informational Advisory, Incident Response, VEX, etc.). Each profile extends the base profile "CSAF Base" - directly or indirect through another profile from the standard - by making additional fields from the standard mandatory. A profile can always add, but never subtract nor overwrite requirements defined in the profile it extends. CSAF also provides several additional enhancements that were not supported in CVRF. In addition, CSAF uses JSON vs. XML (which was used in CVRF).</p>
<div class="btn-container">

</div>
</div>
</div>
<div class="col-12 col-md-4 image-wrapper">
<img src="assets/images/mbr-600x600.png" alt="CSAF FAQ">
</div>
</div>
</div>
</section>

<section data-bs-version="5.1" class="footer2 cid-sRAtK8mSnJ" once="footers" id="footer2-h">





<div class="container">
<div class="media-container-row align-center mbr-white">
<div class="col-12">
<p class="mbr-text mb-0 mbr-fonts-style display-7">
© Copyright 2025 OASIS CSAF TC - All Rights Reserved
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like we are a little bit ahead of ourselves. According to my calendar, it is still 2024. 😜

</p>
</div>
</div>
</div>
</section>


<script src="assets/web/assets/jquery/jquery.min.js"></script>
<script src="assets/bootstrap/js/bootstrap.bundle.min.js"></script>
<script src="assets/smoothscroll/smooth-scroll.js"></script>
<script src="assets/ytplayer/index.js"></script>
<script src="assets/dropdown/js/navbar-dropdown.js"></script>
<script src="assets/theme/js/script.js"></script>



</body>
</html>
Comment on lines +1 to +153
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the old FAQ. The TC decided to directly use the one from Github.

Loading